Pass the Word

By | May 21, 2014

And make it a strong one.

In my worky thingy for the making of the monies (no one pays me to be awesome), I often get to find out what people use as their password(s). As you can imagine, in most instances the passwords are weaker than a two-day-old kitten’s whiskers. And so many people use the same password for everything. Of course I could give you a long lecture on why you should not be using ‘password’, ‘qwerty’, ‘pass123’ or ‘letmein’ as your password, but seeing as after all these years people are still not catching on, I don’t think it will help much.

And considering how often someone hacks a popular company or website and gets hold of user account data, you suddenly understand why using one password for everything is a bad idea. If someone has your password for one system, they likely have it for many.

Instead, here are 2 ideas for you to use to make your passwords stronger and more unique.

Calculate your own system/site specific password

This is easier than you might think. Here is a simple example. Feel free to make up your own little ‘algorithm’.
You need 5 things: two words you will remember, one number (3 digits or so), the first, second or third letter of the name of the system you’re registering with or logging in to, and the length of the name of the system. Then combine them in some fashion, e.g. word1 + letter from name + length of name + word2 + chosen number.
For example, using this here website:

Two words = ‘coffee’ and ‘temple’

3 Digit number = 123

Second letter = ‘o’

Length of name = 13 (I ignored the bit)

Password = coffeeo13temple123

Now this will not guarantee your passwords are unique across systems (a system called toolboxtimers for instance would have the same password) but you can make up your own way of doing this depending on how complex you want to make it. There is of course the second danger that if someone does manage to figure out your algorithm and your words/digits they could access other accounts of yours.

Because I’m lazy I personally do not use this method, but it is a shitload better than a standard (possibly easy to guess) password.
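The scheme above, written out as an added example (not code from the original post) so you can check both caveats on your own list of sites: which names collapse to the same password, and how much of every password is the same on every site. The words and number are the post's; every site name except toolboxtimers is constructed for the example, and the function names are hypothetical.

```python
import os
from collections import defaultdict


def derive_password(site, word1, word2, number, letter_index=1):
    """Build the per-site password; letter_index=1 picks the second letter."""
    name = site.strip().lower()
    if len(name) <= letter_index:
        raise ValueError(f"{site!r} has no letter at position {letter_index + 1}")
    return f"{word1}{name[letter_index]}{len(name)}{word2}{number}"


def find_collisions(sites, **secrets):
    """Return {password: [sites]} for every password shared by 2+ sites."""
    by_password = defaultdict(list)
    for site in sites:
        by_password[derive_password(site, **secrets)].append(site)
    return {pw: names for pw, names in by_password.items() if len(names) > 1}


def shared_parts(a, b):
    """Return the (prefix, suffix) that two derived passwords have in common."""
    prefix = os.path.commonprefix([a, b])
    suffix = os.path.commonprefix([a[::-1], b[::-1]])[::-1]
    return prefix, suffix


# Words and number are the post's own; site names other than
# toolboxtimers are constructed for this example.
SECRETS = {"word1": "coffee", "word2": "temple", "number": 123}
SITES = ["toolboxtimers", "commonexample", "examplebank", "webmail"]

if __name__ == "__main__":
    for site in SITES:
        print(f"{site:15} {derive_password(site, **SECRETS)}")
    print("collisions:", find_collisions(SITES, **SECRETS))
    print("same on both sites:",
          shared_parts(derive_password("examplebank", **SECRETS),
                       derive_password("webmail", **SECRETS)))
```

Only the letter and the length change from site to site, so the scheme's strength rests almost entirely on the two words and the number staying secret.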

Use a password manager

I don’t even know what the password is to my internet banking. It looks something like this: ‘1fy04MYvTEpy6uNrGtz9’. Most of my passwords look like that. Here’s another one: ‘QrgZXEb7uktL729Em7rj’. Isn’t it beautiful? Now that, gentle reader, is a password.

And you too can have pretty passwords like that, keeping your accounts and login details safe(r). The trick is using a password manager. I personally use KeePass, but there are a number of other options.

These wonderful little bits of software sorcery create an encrypted vault of your various account details and passwords (and other info) which you can only access via a master password and/or a key file. Just make sure, if you use a master password, that it is super strong (random letters/numbers/characters and/or more than 2 words, e.g. ThisismyPassword.ItIsSuperstrong.IthasmanyWordsandisNiceandLong). Try using unrelated words.

Remember that a very large portion of your life is sitting on various systems in various accounts and that your password is the first line of defense. There is no point in us developers spending ages trying to secure the account data on our system when it is all easily bypassed by a simple, easy-to-guess/crack password.

Keeping you safe

Mr. Sinister

